Salt Labs exposes a new vulnerability in popular OAuth framework, used in hundreds of online services
Salt Labs has exposed a new vulnerability in the popular OAuth framework, which is used in hundreds of online services. The vulnerability in the expo-auth-session library has been assigned CVE-2023-28131. The security gaps identified make services using this framework susceptible to credentials leakage, allowing full account takeover, identity theft, financial fraud, and access to credit cards. Expo has created a hotfix that automatically provides mitigation, but it recommends customers update their deployment to fully remove the risk. OAuth is an open authorization standard designed to allow cross-application access delegation, such as allowing an application to read data from a Facebook profile.

CVEs: CVE-2023-28131

[View Article](https://securityboulevard.com/2023/05/salt-labs-exposes-a-new-vulnerability-in-popular-oauth-framework-used-in-hundreds-of-online-services/)